2020-06-27 15:48:36 +00:00
|
|
|
package v1
|
2020-01-04 03:51:53 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"io"
|
|
|
|
|
"io/ioutil"
|
2020-01-24 17:21:31 +00:00
|
|
|
"os"
|
|
|
|
|
"path/filepath"
|
2020-03-04 18:34:23 +00:00
|
|
|
"strings"
|
2020-01-04 03:51:53 +00:00
|
|
|
|
|
|
|
|
"github.com/prysmaticlabs/prysm/shared/bls"
|
|
|
|
|
"github.com/prysmaticlabs/prysm/shared/bytesutil"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Unencrypted is a key manager that loads keys from an unencrypted store.
|
|
|
|
|
type Unencrypted struct {
|
|
|
|
|
*Direct
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-24 17:21:31 +00:00
|
|
|
type unencryptedOpts struct {
|
|
|
|
|
Path string `json:"path"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var unencryptedOptsHelp = `The unencrypted key manager stores keys in a local unencrypted store. The options are:
|
|
|
|
|
- path This is the filesystem path to a file containing the unencrypted keys
|
|
|
|
|
A sample set of options are:
|
|
|
|
|
{
|
|
|
|
|
"path": "/home/me/keys.json" // Access the keys in '/home/me/keys.json'
|
|
|
|
|
}`
|
|
|
|
|
|
|
|
|
|
// NewUnencrypted creates a keymanager from a file of unencrypted keys.
|
|
|
|
|
func NewUnencrypted(input string) (*Unencrypted, string, error) {
|
|
|
|
|
opts := &unencryptedOpts{}
|
|
|
|
|
err := json.Unmarshal([]byte(input), opts)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, unencryptedOptsHelp, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-04 18:34:23 +00:00
|
|
|
if strings.Contains(opts.Path, "$") || strings.Contains(opts.Path, "~") || strings.Contains(opts.Path, "%") {
|
|
|
|
|
log.WithField("path", opts.Path).Warn("Keystore path contains unexpanded shell expansion characters")
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-24 17:21:31 +00:00
|
|
|
path, err := filepath.Abs(opts.Path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, unencryptedOptsHelp, err
|
|
|
|
|
}
|
|
|
|
|
reader, err := os.Open(path)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, unencryptedOptsHelp, err
|
|
|
|
|
}
|
2020-04-13 04:11:09 +00:00
|
|
|
defer func() {
|
|
|
|
|
if err := reader.Close(); err != nil {
|
|
|
|
|
log.WithError(err).Error("Failed to close file reader")
|
|
|
|
|
}
|
|
|
|
|
}()
|
2020-01-24 17:21:31 +00:00
|
|
|
|
2020-01-04 03:51:53 +00:00
|
|
|
keyMap, err := unencryptedKeysFromReader(reader)
|
|
|
|
|
if err != nil {
|
2020-01-24 17:21:31 +00:00
|
|
|
return nil, unencryptedOptsHelp, err
|
2020-01-04 03:51:53 +00:00
|
|
|
}
|
2020-06-25 00:47:51 +00:00
|
|
|
sks := make([]bls.SecretKey, 0, len(keyMap))
|
2020-01-04 03:51:53 +00:00
|
|
|
for _, key := range keyMap {
|
|
|
|
|
sks = append(sks, key)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
km := &Unencrypted{
|
|
|
|
|
Direct: &Direct{
|
2020-06-25 00:47:51 +00:00
|
|
|
publicKeys: make(map[[48]byte]bls.PublicKey),
|
|
|
|
|
secretKeys: make(map[[48]byte]bls.SecretKey),
|
2020-01-04 03:51:53 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
for i := 0; i < len(sks); i++ {
|
|
|
|
|
pk := sks[i].PublicKey()
|
|
|
|
|
pubKey := bytesutil.ToBytes48(pk.Marshal())
|
|
|
|
|
km.publicKeys[pubKey] = pk
|
|
|
|
|
km.secretKeys[pubKey] = sks[i]
|
|
|
|
|
}
|
2020-01-24 17:21:31 +00:00
|
|
|
return km, "", nil
|
2020-01-04 03:51:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type unencryptedKeysContainer struct {
|
|
|
|
|
Keys []*unencryptedKeys `json:"keys"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type unencryptedKeys struct {
|
|
|
|
|
ValidatorKey []byte `json:"validator_key"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// unencryptedKeysFromReader loads the unencrypted keys from the given reader.
|
2020-06-25 00:47:51 +00:00
|
|
|
func unencryptedKeysFromReader(reader io.Reader) ([]bls.SecretKey, error) {
|
2020-01-04 03:51:53 +00:00
|
|
|
log.Warn("Loading encrypted keys from disk. Do not do this in production!")
|
|
|
|
|
|
|
|
|
|
data, err := ioutil.ReadAll(reader)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
var ctnr *unencryptedKeysContainer
|
|
|
|
|
if err := json.Unmarshal(data, &ctnr); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 00:47:51 +00:00
|
|
|
res := make([]bls.SecretKey, 0, len(ctnr.Keys))
|
2020-01-04 03:51:53 +00:00
|
|
|
for i := range ctnr.Keys {
|
|
|
|
|
secretKey, err := bls.SecretKeyFromBytes(ctnr.Keys[i].ValidatorKey)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
res = append(res, secretKey)
|
|
|
|
|
}
|
|
|
|
|
return res, nil
|
|
|
|
|
}
|
